873 matches found
EUVD-2026-5329
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
Mastodon security vulnerability
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.3.19, 4.4.13, and 4.5.6 have security vulnerabilities. These vulnerabilities stem from web cache poisoning, which may lead to incorrect reuse of cached content...
PT-2026-6319
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.3.19; Mastodon versions prior to 4.4.13; Mastodon versions prior to 4.5.6. Description: Mastodon, a free, open-source social network server based on ActivityPub, contains a flaw related to web cache poisoning. When the...
CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
CVE-2026-24472
CVE-2026-24472 affects Hono (web framework for JavaScript runtimes) through Cache Middleware prior to version 4.11.7, where HTTP cache control handling does not respect headers like Cache-Control: private or no-store, risking private/authenticated responses being cached and exposed. The issue is ...
Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
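The Hono and Tenda entries above describe the two halves of the same contract: the origin must mark per-user responses with Cache-Control: private (or no-store), and any shared cache in front of it must honour those directives before storing. The following added example (not Hono's or Tenda's code; the route, hostnames and request shape are assumed) is a minimal in-memory cache layer in plain Node.js that shows a cache ignoring the directives, the hardened variant that checks them per RFC 9111, and a web-cache-deception walk-through in which an attacker reads a victim's private response back out of the cache:

```javascript
// Added example, not code from Hono or Tenda. Runs under Node.js with no dependencies.
// Header names are assumed to be lowercased already (as Node's IncomingMessage does).

// Parse a Cache-Control value into a Map of directive -> value (or true for bare flags).
function parseCacheControl(value) {
  const directives = new Map();
  if (!value) return directives;
  for (const part of value.split(',')) {
    const [rawName, rawVal] = part.split('=', 2);
    const name = rawName.trim().toLowerCase();
    if (!name) continue;
    directives.set(name, rawVal === undefined ? true : rawVal.trim().replace(/^"|"$/g, ''));
  }
  return directives;
}

// RFC 9111: a shared cache must not store a response carrying "private" or "no-store".
// A Set-Cookie header is also treated as a sign of a per-user response (defensive default).
function storableInSharedCache(headers) {
  const cc = parseCacheControl(headers['cache-control']);
  if (cc.has('no-store') || cc.has('private')) return false;
  if (headers['set-cookie'] !== undefined) return false;
  return true;
}

// Vulnerable behaviour: key on URL only, store every response, directives ignored.
function vulnerableCacheMiddleware(cache, handler) {
  return (req) => {
    if (cache.has(req.url)) return cache.get(req.url);
    const res = handler(req);
    cache.set(req.url, res);
    return res;
  };
}

// Hardened behaviour: consult the response's directives before storing it.
function hardenedCacheMiddleware(cache, handler) {
  return (req) => {
    if (cache.has(req.url)) return cache.get(req.url);
    const res = handler(req);
    if (storableInSharedCache(res.headers)) cache.set(req.url, res);
    return res;
  };
}

// Constructed origin: /account* echoes the caller's identity and marks the response
// private and no-store (the directives the Tenda admin pages were missing).
function origin(req) {
  if (req.url.startsWith('/account')) {
    return {
      status: 200,
      headers: { 'content-type': 'text/plain', 'cache-control': 'private, no-store' },
      body: `account page for ${req.user}`,
    };
  }
  return {
    status: 200,
    headers: { 'content-type': 'text/plain', 'cache-control': 'public, max-age=60' },
    body: 'home',
  };
}

// Web cache deception: the victim is lured to an attacker-chosen URL under /account
// (a trailing .css segment is the classic trick so path-based rules treat it as static),
// then the attacker requests the same URL and receives whatever the cache stored.
function deceptionScenario(middlewareFactory) {
  const app = middlewareFactory(new Map(), origin);
  const victimRes = app({ url: '/account/profile.css', user: 'victim' });
  const attackerRes = app({ url: '/account/profile.css', user: 'attacker' });
  return { victim: victimRes.body, attacker: attackerRes.body };
}

// Usage: with the vulnerable layer the attacker reads the victim's page;
// with the hardened layer the private response is never stored.
console.log(deceptionScenario(vulnerableCacheMiddleware));
console.log(deceptionScenario(hardenedCacheMiddleware));
```

The check is deliberately on the response, not the request path: a cache rule of the form "everything under /static is cacheable" is exactly what deception attacks exploit, so the origin's own directives have to win.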
MiracleLinux 8 : python27:2.7 (AXSA:2021-2829:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2829:01 advisory. python: Unsafe use of eval on data retrieved via HTTP in the test suite CVE-2020-27619 python-jinja2: ReDoS vulnerability in the urlize filter...
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2022-2898:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2898:01 advisory. python-psutil: Double free because of refcount mishandling CVE-2019-18874 python-jinja2: ReDoS vulnerability in the urlize filter CVE-2020-28493...
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...
CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...
CVE-2024-14006
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...
EUVD-2024-55053
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...
CVE-2024-14006 Nagios XI < 2024R1.2.2 Host Header Injection
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...
CVE-2024-14006
Nagios XI prior to 2024R1.2.2 is affected by a host header injection vulnerability. The app trusts the user-supplied HTTP Host header when building absolute URLs, enabling an unauthenticated remote attacker to craft a Host header that can poison generated links or responses, potentially enabling ...
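The Nagios XI entries above describe the generic host header injection pattern: absolute URLs (password-reset links, redirects, canonical links) are assembled from whatever Host value the client sent. The following added example (not Nagios XI code; the hostnames, the canonical origin and the request shape are assumed) shows the vulnerable construction next to a hardened one that validates Host against a configured allowlist and otherwise falls back to the deployment's canonical origin, in plain Node.js:

```javascript
// Added example, not code from Nagios XI. Runs under Node.js with no dependencies.
// Hostnames below are assumed values for a hypothetical monitoring deployment.

// Hostnames this deployment actually answers for.
const ALLOWED_HOSTS = new Set(['monitor.example.com', 'monitor.internal.example.com']);

// Canonical origin used for generated links when the request's Host is not trusted.
const CANONICAL_ORIGIN = 'https://monitor.example.com';

// Validate a Host header: a bare hostname with an optional numeric port, present in the
// allowlist. Returns the canonical lowercased host[:port], or null when it is not trusted.
// The strict character class rejects userinfo ('user@evil'), paths and whitespace tricks.
function validateHost(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  const m = /^([a-z0-9.-]+)(?::(\d{1,5}))?$/i.exec(hostHeader.trim());
  if (!m) return null;
  const host = m[1].toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) return null;
  return m[2] ? `${host}:${m[2]}` : host;
}

// Vulnerable: the absolute URL is built straight from the client-controlled header,
// so a crafted Host ends up inside links the application emails or redirects to.
function buildUrlVulnerable(req, path) {
  return `https://${req.headers.host}${path}`;
}

// Hardened: only an allowlisted Host is reflected; anything else uses the canonical origin.
function buildUrlHardened(req, path) {
  const host = validateHost(req.headers.host);
  if (host === null) return `${CANONICAL_ORIGIN}${path}`;
  return `https://${host}${path}`;
}

// Constructed request, as an unauthenticated attacker would send it.
const craftedRequest = { headers: { host: 'attacker.example' } };

// Usage: the vulnerable builder points a reset link at the attacker's host,
// the hardened builder keeps it on the canonical origin.
console.log(buildUrlVulnerable(craftedRequest, '/reset?token=abc'));
console.log(buildUrlHardened(craftedRequest, '/reset?token=abc'));
```

Falling back to the canonical origin keeps the application usable behind a misconfigured proxy; a stricter deployment can instead respond 400 when validateHost returns null. The same validation belongs on X-Forwarded-Host if a reverse proxy is trusted to set it.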
EUVD-2021-0038
Malware in sbrugna...